堆栈内存溢出
  简体   繁体   English

这个自定义日志模式的 Grok 模式是什么?

[英]what will be the Grok pattern for this custom log pattern?

 原文  2019-01-18 15:19:15       logstash/ logstash-grok

问题描述

Following is a small part of my log :以下是我日志的一小部分:

2018-12-06 18:55:20 INFO  epo - myfile.xml is loaded successfully
2018-12-06 18:55:20 INFO  epo - checking that whether the given file name is already present
2018-12-06 18:55:20 INFO  epo - some logging deatils
2018-12-06 18:55:20 INFO  epo - Entry has been added to table.
2018-12-06 18:55:20 INFO  epo - Total number of records processed 0000035
2018-12-06 18:55:20 INFO  epo - some logging deatils
2018-12-07 09:57:59 INFO  epo - myfile.xml is loaded successfully
2018-12-07 09:57:59 INFO  epo - [ElasticSearch] => PIN07122018F00001 request sent successfully.
2018-12-06 18:55:20 INFO  epo - myfile.xml is loaded successfully
2018-12-06 18:55:20 INFO  epo - checking that whether the given file name is already present
2018-12-06 18:55:20 INFO  epo - some logging deatils
2018-12-06 18:55:20 INFO  epo - Entry has been added to table.
2018-12-06 18:55:20 INFO  epo - Total number of records processed 0000035
2018-12-06 18:55:20 INFO  epo - some logging deatils
2018-12-07 09:57:59 INFO  epo - myfile.xml is loaded successfully
2018-12-07 09:57:59 INFO  epo - [ElasticSearch] => PIN07122018F00002 request sent unsuccessfully.

In this log I want to select lines which contains request IDs like PIN07122018F00001 and PIN07122018F00002 and send it to elastic Search.在此日志中,我想选择包含请求 ID(如 PIN07122018F00001 和 PIN07122018F00002)的行并将其发送到弹性搜索。

I am using logstash for this purpose, and my grok pattern is :我为此使用了 logstash,我的 grok 模式是:

input {
  . . .
}

filter {
  grok {
    patterns_dir => ["/myServer/mnt/appln/folder1/folder2/logstash/pattern"]
    match => { "message" => '^%{TIMESTAMP_ISO8601:timestamp} INFO  epo - \[ElasticSearch\] => %{REQ_ID:requestid} %{MSG:statusmsg}$' }
  }
}

output{
    . . .
}

where DEPOSITORY_REQ_ID and MSG is defined as :其中 DEPOSITORY_REQ_ID 和 MSG 定义为:

MSG (A-Za-z0-9 )+
REQ_ID PIN[0-9]{8}[A-Z]{1}[0-9]{5}

But I am still not able to match the required line, with this pattern its taking all the lines.但是我仍然无法匹配所需的行,这种模式占用了所有行。 Please tell me what will be the pattern to match the line :请告诉我匹配该行的模式是什么:

2018-12-07 09:57:59 INFO epo - [ElasticSearch] => PIN07122018F00001 request sent successfully. 2018-12-07 09:57:59 INFO epo - [ElasticSearch] => PIN07122018F00001 请求发送成功。

Please Help.请帮忙。

1 个解决方案

解决方案1
 1 已采纳  2019-01-18 15:34:56

The issue is with the MSG pattern.问题在于MSG模式。 The () denote a capturing group, which will try to match the exact content of the () . ()表示一个捕获组,它将尝试匹配()的确切内容。 What you want to use in your case is [] , which denotes a character class, which will match all characters from that class.您想在您的情况下使用的是[] ,它表示一个字符类,它将匹配该类中的所有字符。 Also it's missing the .它也缺少. that appears at the end of the lines.出现在行尾。

Your pattern should be defined this way, which would fix your issue:您的模式应该以这种方式定义,这将解决您的问题:

MSG [A-Za-z0-9 \.]+

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 自定义日志行的Grok模式 - Grok pattern for Custom log line 这个詹金斯日志的 grok 模式是什么? - What is the grok pattern for this jenkins log? 自定义日志字符串的 ElasticSearch Grok 模式问题 - ElasticSearch Grok Pattern issue for Custom Log String 自定义日志文本文件的Logstash grok模式 - Logstash grok pattern for custom log text file 用于自定义 nginx 访问日志的 Logstash grok 模式 - Logstash grok pattern for custom nginx access log 日志的Grok模式 - Grok pattern for log 日志事件的grok模式 - grok pattern for log event 此日志行的Grok模式 - Grok pattern with this log line 日志文件的 Grok 模式 - Grok pattern for log files 创建自定义 GROK 模式 - Creating a custom GROK pattern
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM